4 matches found
PT-2026-21020
Name of the Vulnerable Software and Affected Versions: Sync-in Server versions prior to 1.9.3 Description: A Stored Cross-Site Scripting (XSS) issue exists in Sync-in Server. An authenticated attacker can execute arbitrary JavaScript in a victim’s browser. This is achieved by uploading a crafted SVG...
PT-2024-29420 · Typora +1 · Typora +1
Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.9.3 Description: The issue is related to a cross-site scripting (XSS) vulnerability via the MathJax component. This allows for potential malicious script execution. Recommendations: For versions prior to 1.9.3, update...
PT-2020-5956 · Cloud Native Computing Foundation · Harbor
Name of the Vulnerable Software and Affected Versions: Cloud Native Computing Foundation Harbor versions prior to 1.8.6 and 1.9.3 Description: The issue is related to Cross-Site Request Forgery (CSRF) in the Harbor web interface, which does not implement protection mechanisms against such attacks...
PYSEC-2016-16
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...